
Lessons from Stuxnet

Discover the key features of Stuxnet, a sophisticated worm that targeted Siemens programmable logic controllers. Learn about its impact, unanswered questions, and the lessons we can take away from this game-changing cyber attack.



Presentation Transcript


  1. Lessons from Stuxnet
     Matthew McNeill

  2. Quick Overview
     • Discovered in July 2011
     • Sophisticated worm - many zero-day exploits, Siemens programmable logic controller rootkit, network and removable drive infection, peer-to-peer updates, and a command and control interface
     • Injects custom code into Siemens PLC
     • Forces PLC to report false values for frequency converter drives and run them at speeds exceeding their capacity
     • Most infections in Iran

  3. Some Quotes from Symantec
     • "...design documents may have been stolen by an insider..."
     • "Attackers would need to setup a mirrored environment..."
     • "...six months and five to ten core developers..."
     • "...obtain the digital certificates from someone who may have physically entered the premises of the two companies and stole them..."
     • "Updates to [the Stuxnet executable] would be propagated throughout the facility through a peer-to-peer network..."

  4. Unanswered Questions
     • Who wrote it?
     • What was its target?
     • Was there an insider?
     • How did it enter the network?

  5. Why Stuxnet is important
     • Hype aside, Stuxnet is a game changer
     • Infrastructure attacks - speculation vs. reality
     • Attacks high-value targets via conventional computer attack vectors
     • "What it showed was that our current ways of thinking about security are flawed." - David Kennedy, Diebold

  6. Lessons
     • Vital systems not protected by a lack of Internet connection
     • Vital systems not protected by complexity, expense, and proprietary code
     • Vital systems not protected by difficulty of attack
     • Infiltration does not have to happen over a network
     • Management vs. network security
     • Destroy Iran's nuclear program - speculation, but worth considering

  7. Closing Thought
     • Duqu
     • Parts nearly identical to Stuxnet
     • Information gathering, not sabotage - remote access
     • Communicated with command and control server in India
     • Who and why?
